Bunch of bots started to sign up for Simplified Chinese, like 300 people
Felt great, yeah, here we go
So I moved forward with the Project Heimdall migration, added new languages
Now I got a bunch of people signing up for ta Tamil. Like 40 people
Something was off.
One thing in common was that both lists that got tons of subscribers were the last list on Listmonk.
Seemed like an attack of some sort. I tried emailing a handpicked few, but none replied.
The emails were very authentic-looking, though. So it took a lot of work to tell which one was bogus or not.
So I tried adding an empty list and explicitly said "do not subscribe" on the list. Sure enough, a bunch of people still signed up. Look at these messes. Also, don't they look so authentic?
One odd thing was that usually when a subscriber signs up for Heimdall, the name field was the handle from the email company. These bogus subscribers had something like UUID.
Anyways, so I had to inspect all subscribers and batch-delete 400 subscribers.